China’s cybersecurity agency issues warning on AI agent OpenClaw

China’s National Network and Information Security Information Center has issued a critical cybersecurity warning regarding OpenClaw, the rapidly proliferating artificial intelligence automation platform. The agency, operating under the Ministry of Public Security, revealed that internet-facing deployments of the viral AI agent are creating substantial security vulnerabilities for organizations and individuals worldwide.

Since its recent release, OpenClaw has triggered a global deployment surge due to its advanced capabilities in processing complex tasks through an extensive plugin ecosystem. However, security analysts have identified multiple critical weaknesses in the platform’s architecture that leave systems dangerously exposed to potential cyberattacks.

The comprehensive security assessment highlights five primary risk categories: fundamental design flaws, inadequate default configurations, vulnerability management deficiencies, plugin ecosystem vulnerabilities, and insufficient behavioral control mechanisms. Particularly concerning is the platform’s default configuration that exposes systems to public internet access without requiring user authentication for remote connections.

According to the technical alert, sensitive data including API keys and conversation histories may be stored unencrypted, in plaintext. More alarmingly, the AI agents may fail to enforce permission controls during task execution, which could enable unauthorized actions including data deletion, information theft, or complete device takeover.

Global monitoring data indicates more than 200,000 actively accessible OpenClaw instances worldwide, with approximately 23,000 located within China. Major technology hubs showing significant deployment concentrations include Beijing, Shanghai, and the provinces of Guangdong, Zhejiang, Sichuan, and Jiangsu.

The cybersecurity center has issued urgent recommendations including immediate software upgrades from verified sources, restricting network access to internal addresses only, cautious installation of third-party plugins exclusively through official channels, implementation of robust authentication protocols, and strict permission limitations allowing only whitelisted system commands. Organizations are advised to maintain vigilant monitoring of official security advisories to address emerging threats promptly.